Data-sharing before the internet

Current and future data-sharing

- Customer used to be in control

when it concerned their personal
information;
- They would consciously and
willingly share details of their
personal life;
- A lot of this information sharing
took place physically or by the use
of paper;
- Which often resulted in a personal
relationship or connection;
- Resulting in a fundament for
future customer business
relationships.

- Customers will get in control when

it concerns their personal data;
- More and more possibilities to
share their personal data;
- Companies will selectively use
data based on their customer s
value: The customer manages the
relationship, he or she is in charge!

Use the customers relevant

personal data.
- Internet will be a commonplace for
people to spend their time, money
and lives. Not only consumers are
seduced but they are helped with
their decisions when and how they
want;
- Customers will know which
information they share and when it
is used by companies;
- With this knowledge data can be
used efficiently to provide
information when the customer
needs it;
- Because the customer gets more
in control, companies can adapt
rapidly to changing privacy-laws
(EU General Data Protection
Regulation).

Internet enabled free-flow of

data
- The rise of the internet and digital
media enabled companies to
acquire personal information about
their customers without the
customer knowing or controlling it;
- Customers where unaware of the
consequences and impact of
sharing their information;
- Companies seduce their
customers to share their data
online and are actively exploring
Big Data;
- No pan european uniform
applicable legislation is in place to
protect customers.

Deloitte s multidisciplinary
approach

Data pollution caused a digital

dump
- Internet as an open and attractive
channel to acquire personal Data
resulted in an overuse of data
which is untraceable for the
customers;
- This phenomenon resulted in a
wild grow of data use of which the
customer is unaware;
- The traditional solutions for
identity management and customer
relationship management are
limited in their support of the digital
age;
- Companies have to cope with a
myriad of rules and regulations that
deal with privacy and data
protection. In order to stay
compliant expertise of data,
security, identity and privacy needs
to be blended.

Privacy unconcerned 15%

Privacy pragmatist 60%

Privacy fundamentalist 25%

- Do not really understand all the fuss about privacy;

- Sharing information should be the norm, to reap
benefits as much as possible;
- Regulation is not needed; the market will sort it out.

- Cares about privacy, but judges case-by-case;

- Want to make informed decision about sharing;
- Do want a good deal for sharing their information;
- Favours legislation to prevent undesirable excesses.

- Values privacy highly;

- Rejects idea that others need their information;
- Likely will refuse to give information when asked;
- In favour of strong legislation to protect privacy rights.

Privacy-by-design ground rules

Privacy by Default:
Legal: legitimate grounds, purpose limitation, consent, notice, disposal
Data: anonymisation, minimalisation
Technical: encryption, hashing, Privacy Enhancing Technologies (PETs)
Risk Management: privacy risk analysis, control frameworks, audit program

Privacy embedded into Design: Incorporate the concept of privacy asap

Full Lifecycle Protection: Track data from begin to the end
Proactive & Preventative: Investigate & be prepared & look forward
Transparency: Good and clear communication is key!
Operational: maintain data quality, data & access location, guidelines, training

Most importantly never forgot that user/customer experience is leading!

Prevent the function creep feeling!

- Assessment of current data,

security and privacy wise. Goal is
to combine data, security, identity
and privacy competencies to create
an overview;
- Build a strategic plan how to
increase customer relevancy based
on the core infrastructure of the
client. It is key to connect privacy
relevant information and identity
management solutions and
insights;
- Operationalize the plan as part of
a broader digital/marketing
transformation. Project
management and multidisciplinary
skills are required to embed the
new paradigm in the organization;

Our approach will differ for each

individual company, but the
above described process is a
generic guideline how Deloitte
combines in-house expertise and
capabilities to enable customer
relevancy.